We’re developing a mobile game on Android and iOS. Our problem is the communication between devices and backend systems. To secure the requests to the APIs, we want to be sure it’s the user on the phone (maybe someone has a better / more secure way?). We didn’t find any other / better solution to verify the API calls from other, disallowed devices (hacking).
How do other games do this? I think they all communicate with their own APIs and not only with Google Play Services or GameCenter from iOS.
Is there a way to identify a user through their Google Play account? Identifying through the device ID wouldn’t work, because if the holder of the phone changes phones, there is no way to identify them again.
How do you do this for API calls? Storing the access information directly in the code (static) isn’t very secure. Of course we have token authentication, but even this can easily be found out when the data is stored in the game.
Summary: I’m looking for a way to secure communication between players and backend APIs (REST). A login for the user isn’t a solution because it’s very user-unfriendly and all other games don’t provide this.
Thanks for your help!